grafana.json
{
"apiVersion": "dashboard.grafana.app/v2",
"kind": "Dashboard",
"metadata": {
"name": "ad-samba-audit",
"namespace": "default",
"uid": "092a783d-214c-46fa-b429-7cb5b93a3f65",
"resourceVersion": "1782469594734004",
"generation": 12,
"creationTimestamp": "2026-06-09T12:20:41Z",
"labels": {
"grafana.app/deprecatedInternalID": "1673156113694720"
},
"annotations": {
"grafana.app/createdBy": "user:efm4lmr01b20wa",
"grafana.app/folder": "",
"grafana.app/saved-from-ui": "Grafana v13.0.1+security-01 (9bbe672d)",
"grafana.app/updatedBy": "user:efm4lmr01b20wa",
"grafana.app/updatedTimestamp": "2026-06-26T10:26:34Z"
}
},
"spec": {
"annotations": [
{
"kind": "AnnotationQuery",
"spec": {
"query": {
"kind": "DataQuery",
"group": "grafana",
"version": "v0",
"spec": {}
},
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"builtIn": true
}
}
],
"cursorSync": "Off",
"editable": true,
"elements": {
"panel-1": {
"kind": "Panel",
"spec": {
"id": 1,
"title": "Logins OK",
"description": "Успешные входы в домен (samba_auth): машинные и пользовательские, разбивка по домену.",
"links": [],
"data": {
"kind": "QueryGroup",
"spec": {
"queries": [
{
"kind": "PanelQuery",
"spec": {
"query": {
"kind": "DataQuery",
"group": "influxdb",
"version": "v0",
"datasource": {
"name": "afoiuzkkxju2of"
},
"spec": {
"alias": "machine_login",
"groupBy": [
{
"params": [
"$interval"
],
"type": "time"
},
{
"params": [
"domain::tag"
],
"type": "tag"
},
{
"params": [
"null"
],
"type": "fill"
}
],
"measurement": "samba_auth",
"orderByTime": "ASC",
"policy": "default",
"query": "SELECT count(\"client_account\") FROM \"samba_auth\" WHERE (\"status\"::tag = 'NT_STATUS_OK' AND \"account\"::tag =~ /^MACHINE/) AND $timeFilter GROUP BY time($interval), \"domain\"::tag fill(null)",
"rawQuery": false,
"resultFormat": "time_series",
"select": [
[
{
"params": [
"client_account"
],
"type": "field"
},
{
"params": [],
"type": "count"
}
]
],
"tags": [
{
"key": "status::tag",
"operator": "=",
"value": "NT_STATUS_OK"
},
{
"condition": "AND",
"key": "account::tag",
"operator": "=~",
"value": "/^MACHINE/"
}
]
}
},
"refId": "A",
"hidden": false
}
},
{
"kind": "PanelQuery",
"spec": {
"query": {
"kind": "DataQuery",
"group": "influxdb",
"version": "v0",
"datasource": {
"name": "afoiuzkkxju2of"
},
"spec": {
"alias": "user_login",
"groupBy": [
{
"params": [
"$interval"
],
"type": "time"
},
{
"params": [
"domain::tag"
],
"type": "tag"
},
{
"params": [
"null"
],
"type": "fill"
}
],
"measurement": "samba_auth",
"orderByTime": "ASC",
"policy": "default",
"query": "SELECT count(\"client_account\") FROM \"samba_auth\" WHERE (\"status\"::tag = 'NT_STATUS_OK' AND \"account\"::tag =~ /^user/) AND $timeFilter GROUP BY time($interval), \"domain\"::tag fill(null)",
"rawQuery": false,
"resultFormat": "time_series",
"select": [
[
{
"params": [
"client_account"
],
"type": "field"
},
{
"params": [],
"type": "count"
}
]
],
"tags": [
{
"key": "status::tag",
"operator": "=",
"value": "NT_STATUS_OK"
},
{
"condition": "AND",
"key": "account::tag",
"operator": "=~",
"value": "/^user/"
},
{
"condition": "OR",
"key": "account::tag",
"operator": "=~",
"value": "/^loadtest/"
}
]
}
},
"refId": "B",
"hidden": false
}
}
],
"transformations": [],
"queryOptions": {}
}
},
"vizConfig": {
"kind": "VizConfig",
"group": "timeseries",
"version": "13.0.1+security-01",
"spec": {
"options": {
"annotations": {
"clustering": -1,
"multiLane": false
},
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"hideZeros": false,
"mode": "single",
"sort": "none"
}
},
"fieldConfig": {
"defaults": {
"thresholds": {
"mode": "absolute",
"steps": [
{
"value": 0,
"color": "green"
},
{
"value": 80,
"color": "red"
}
]
},
"color": {
"mode": "palette-classic"
},
"custom": {
"axisBorderShow": false,
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"barWidthFactor": 0.6,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"insertNulls": false,
"lineInterpolation": "smooth",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "auto",
"showValues": false,
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
}
},
"overrides": []
}
}
}
}
},
"panel-2": {
"kind": "Panel",
"spec": {
"id": 2,
"title": "DSDB: изменения по операциям",
"description": "Число изменений объектов каталога (samba_dsdb), разбивка по типу операции.",
"links": [],
"data": {
"kind": "QueryGroup",
"spec": {
"queries": [
{
"kind": "PanelQuery",
"spec": {
"query": {
"kind": "DataQuery",
"group": "influxdb",
"version": "v0",
"datasource": {
"name": "afoiuzkkxju2of"
},
"spec": {
"groupBy": [],
"measurement": "samba_dsdb",
"orderByTime": "ASC",
"policy": "default",
"query": "SELECT count(\"status_code\") FROM \"samba_dsdb\" WHERE $timeFilter GROUP BY time($interval), \"operation\"::tag fill(null)",
"rawQuery": true,
"resultFormat": "time_series",
"select": [],
"tags": []
}
},
"refId": "A",
"hidden": false
}
}
],
"transformations": [],
"queryOptions": {}
}
},
"vizConfig": {
"kind": "VizConfig",
"group": "timeseries",
"version": "13.0.1+security-01",
"spec": {
"options": {
"annotations": {
"clustering": -1,
"multiLane": false
},
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"hideZeros": false,
"mode": "multi",
"sort": "desc"
}
},
"fieldConfig": {
"defaults": {
"thresholds": {
"mode": "absolute",
"steps": [
{
"value": 0,
"color": "green"
},
{
"value": 80,
"color": "red"
}
]
},
"color": {
"mode": "palette-classic"
},
"custom": {
"axisBorderShow": false,
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"barWidthFactor": 0.6,
"drawStyle": "bars",
"fillOpacity": 50,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "auto",
"showValues": false,
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "normal"
},
"thresholdsStyle": {
"mode": "off"
}
}
},
"overrides": []
}
}
}
}
},
"panel-3": {
"kind": "Panel",
"spec": {
"id": 3,
"title": "DSDB: система vs пользователь",
"description": "Изменения каталога с разбивкой по performedAsSystem (true = выполнено системой).",
"links": [],
"data": {
"kind": "QueryGroup",
"spec": {
"queries": [
{
"kind": "PanelQuery",
"spec": {
"query": {
"kind": "DataQuery",
"group": "influxdb",
"version": "v0",
"datasource": {
"name": "afoiuzkkxju2of"
},
"spec": {
"groupBy": [],
"measurement": "samba_dsdb",
"orderByTime": "ASC",
"policy": "default",
"query": "SELECT count(\"status_code\") FROM \"samba_dsdb\" WHERE $timeFilter GROUP BY time($interval), \"as_system\"::tag fill(null)",
"rawQuery": true,
"resultFormat": "time_series",
"select": [],
"tags": []
}
},
"refId": "A",
"hidden": false
}
}
],
"transformations": [],
"queryOptions": {}
}
},
"vizConfig": {
"kind": "VizConfig",
"group": "timeseries",
"version": "13.0.1+security-01",
"spec": {
"options": {
"annotations": {
"clustering": -1,
"multiLane": false
},
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"hideZeros": false,
"mode": "multi",
"sort": "desc"
}
},
"fieldConfig": {
"defaults": {
"thresholds": {
"mode": "absolute",
"steps": [
{
"value": 0,
"color": "green"
},
{
"value": 80,
"color": "red"
}
]
},
"color": {
"mode": "palette-classic"
},
"custom": {
"axisBorderShow": false,
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"barWidthFactor": 0.6,
"drawStyle": "line",
"fillOpacity": 20,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"insertNulls": false,
"lineInterpolation": "smooth",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "auto",
"showValues": false,
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
}
},
"overrides": []
}
}
}
}
},
"panel-4": {
"kind": "Panel",
"spec": {
"id": 4,
"title": "DSDB: топ инициаторов (SID)",
"description": "Кто инициировал изменения каталога — разбивка по userSid.",
"links": [],
"data": {
"kind": "QueryGroup",
"spec": {
"queries": [
{
"kind": "PanelQuery",
"spec": {
"query": {
"kind": "DataQuery",
"group": "influxdb",
"version": "v0",
"datasource": {
"name": "afoiuzkkxju2of"
},
"spec": {
"groupBy": [],
"measurement": "samba_dsdb",
"orderByTime": "ASC",
"policy": "default",
"query": "SELECT count(\"status_code\") FROM \"samba_dsdb\" WHERE $timeFilter GROUP BY time($interval), \"user_sid\"::tag fill(null)",
"rawQuery": true,
"resultFormat": "time_series",
"select": [],
"tags": []
}
},
"refId": "A",
"hidden": false
}
}
],
"transformations": [],
"queryOptions": {}
}
},
"vizConfig": {
"kind": "VizConfig",
"group": "timeseries",
"version": "13.0.1+security-01",
"spec": {
"options": {
"annotations": {
"clustering": -1,
"multiLane": false
},
"legend": {
"calcs": [
"sum"
],
"displayMode": "table",
"placement": "right",
"showLegend": true
},
"tooltip": {
"hideZeros": false,
"mode": "multi",
"sort": "desc"
}
},
"fieldConfig": {
"defaults": {
"thresholds": {
"mode": "absolute",
"steps": [
{
"value": 0,
"color": "green"
},
{
"value": 80,
"color": "red"
}
]
},
"color": {
"mode": "palette-classic"
},
"custom": {
"axisBorderShow": false,
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"barWidthFactor": 0.6,
"drawStyle": "bars",
"fillOpacity": 50,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "auto",
"showValues": false,
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "normal"
},
"thresholdsStyle": {
"mode": "off"
}
}
},
"overrides": []
}
}
}
}
},
"panel-5": {
"kind": "Panel",
"spec": {
"id": 5,
"title": "Транзакции: длительность (mean/max)",
"description": "Длительность транзакций каталога (samba_dsdb_tx) в микросекундах.",
"links": [],
"data": {
"kind": "QueryGroup",
"spec": {
"queries": [
{
"kind": "PanelQuery",
"spec": {
"query": {
"kind": "DataQuery",
"group": "influxdb",
"version": "v0",
"datasource": {
"name": "afoiuzkkxju2of"
},
"spec": {
"groupBy": [],
"measurement": "samba_dsdb_tx",
"orderByTime": "ASC",
"policy": "default",
"query": "SELECT mean(\"duration\") AS \"mean\", max(\"duration\") AS \"max\" FROM \"samba_dsdb_tx\" WHERE $timeFilter GROUP BY time($interval) fill(null)",
"rawQuery": true,
"resultFormat": "time_series",
"select": [],
"tags": []
}
},
"refId": "A",
"hidden": false
}
}
],
"transformations": [],
"queryOptions": {}
}
},
"vizConfig": {
"kind": "VizConfig",
"group": "timeseries",
"version": "13.0.1+security-01",
"spec": {
"options": {
"annotations": {
"clustering": -1,
"multiLane": false
},
"legend": {
"calcs": [
"mean",
"max"
],
"displayMode": "table",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"hideZeros": false,
"mode": "multi",
"sort": "desc"
}
},
"fieldConfig": {
"defaults": {
"unit": "µs",
"thresholds": {
"mode": "absolute",
"steps": [
{
"value": 0,
"color": "green"
},
{
"value": 80,
"color": "red"
}
]
},
"color": {
"mode": "palette-classic"
},
"custom": {
"axisBorderShow": false,
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"barWidthFactor": 0.6,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"insertNulls": false,
"lineInterpolation": "smooth",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "auto",
"showValues": false,
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
}
},
"overrides": []
}
}
}
}
},
"panel-6": {
"kind": "Panel",
"spec": {
"id": 6,
"title": "Транзакции по типу действия",
"description": "Число транзакций каталога, разбивка по action (commit / rollback / prepare commit / begin).",
"links": [],
"data": {
"kind": "QueryGroup",
"spec": {
"queries": [
{
"kind": "PanelQuery",
"spec": {
"query": {
"kind": "DataQuery",
"group": "influxdb",
"version": "v0",
"datasource": {
"name": "afoiuzkkxju2of"
},
"spec": {
"groupBy": [],
"measurement": "samba_dsdb_tx",
"orderByTime": "ASC",
"policy": "default",
"query": "SELECT count(\"duration\") FROM \"samba_dsdb_tx\" WHERE $timeFilter GROUP BY time($interval), \"action\"::tag fill(null)",
"rawQuery": true,
"resultFormat": "time_series",
"select": [],
"tags": []
}
},
"refId": "A",
"hidden": false
}
}
],
"transformations": [],
"queryOptions": {}
}
},
"vizConfig": {
"kind": "VizConfig",
"group": "timeseries",
"version": "13.0.1+security-01",
"spec": {
"options": {
"annotations": {
"clustering": -1,
"multiLane": false
},
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"hideZeros": false,
"mode": "multi",
"sort": "desc"
}
},
"fieldConfig": {
"defaults": {
"thresholds": {
"mode": "absolute",
"steps": [
{
"value": 0,
"color": "green"
},
{
"value": 80,
"color": "red"
}
]
},
"color": {
"mode": "palette-classic"
},
"custom": {
"axisBorderShow": false,
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"barWidthFactor": 0.6,
"drawStyle": "bars",
"fillOpacity": 50,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "auto",
"showValues": false,
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "normal"
},
"thresholdsStyle": {
"mode": "off"
}
}
},
"overrides": []
}
}
}
}
},
"panel-7": {
"kind": "Panel",
"spec": {
"id": 7,
"title": "SMB activity",
"description": "",
"links": [],
"data": {
"kind": "QueryGroup",
"spec": {
"queries": [
{
"kind": "PanelQuery",
"spec": {
"query": {
"kind": "DataQuery",
"group": "influxdb",
"version": "v0",
"datasource": {
"name": "afoiuzkkxju2of"
},
"spec": {
"alias": "user_smb",
"groupBy": [
{
"params": [
"$interval"
],
"type": "time"
},
{
"params": [
"domain::tag"
],
"type": "tag"
},
{
"params": [
"null"
],
"type": "fill"
}
],
"measurement": "samba_authz",
"orderByTime": "ASC",
"policy": "default",
"query": "SELECT count(\"client_account\") FROM \"samba_auth\" WHERE (\"status\"::tag = 'NT_STATUS_OK' AND \"account\"::tag =~ /^MACHINE/) AND $timeFilter GROUP BY time($interval), \"domain\"::tag fill(null)",
"rawQuery": false,
"resultFormat": "time_series",
"select": [
[
{
"params": [
"auth_type"
],
"type": "field"
},
{
"params": [],
"type": "count"
}
]
],
"tags": [
{
"key": "service::tag",
"operator": "=",
"value": "SMB2"
},
{
"condition": "AND",
"key": "auth_type::field",
"operator": "=",
"value": "krb5"
},
{
"condition": "AND",
"key": "account::tag",
"operator": "=~",
"value": "/^user-/"
}
]
}
},
"refId": "A",
"hidden": false
}
},
{
"kind": "PanelQuery",
"spec": {
"query": {
"kind": "DataQuery",
"group": "influxdb",
"version": "v0",
"datasource": {
"name": "afoiuzkkxju2of"
},
"spec": {
"alias": "machine_smb",
"groupBy": [
{
"params": [
"$interval"
],
"type": "time"
},
{
"params": [
"domain::tag"
],
"type": "tag"
},
{
"params": [
"null"
],
"type": "fill"
}
],
"measurement": "samba_authz",
"orderByTime": "ASC",
"policy": "default",
"query": "SELECT count(\"client_account\") FROM \"samba_auth\" WHERE (\"status\"::tag = 'NT_STATUS_OK' AND \"account\"::tag =~ /^MACHINE/) AND $timeFilter GROUP BY time($interval), \"domain\"::tag fill(null)",
"rawQuery": false,
"resultFormat": "time_series",
"select": [
[
{
"params": [
"auth_type"
],
"type": "field"
},
{
"params": [],
"type": "count"
}
]
],
"tags": [
{
"key": "service::tag",
"operator": "=",
"value": "SMB2"
},
{
"condition": "AND",
"key": "auth_type::field",
"operator": "=",
"value": "krb5"
},
{
"condition": "AND",
"key": "account::tag",
"operator": "=~",
"value": "/^MACHINE/"
}
]
}
},
"refId": "B",
"hidden": false
}
}
],
"transformations": [],
"queryOptions": {}
}
},
"vizConfig": {
"kind": "VizConfig",
"group": "timeseries",
"version": "13.0.1+security-01",
"spec": {
"options": {
"annotations": {
"clustering": -1,
"multiLane": false
},
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"hideZeros": false,
"mode": "single",
"sort": "none"
}
},
"fieldConfig": {
"defaults": {
"thresholds": {
"mode": "absolute",
"steps": [
{
"value": 0,
"color": "green"
},
{
"value": 80,
"color": "red"
}
]
},
"color": {
"mode": "palette-classic"
},
"custom": {
"axisBorderShow": false,
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"barWidthFactor": 0.6,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"insertNulls": false,
"lineInterpolation": "smooth",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "auto",
"showValues": false,
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
}
},
"overrides": []
}
}
}
}
},
"panel-8": {
"kind": "Panel",
"spec": {
"id": 8,
"title": "DNS activity",
"description": "",
"links": [],
"data": {
"kind": "QueryGroup",
"spec": {
"queries": [
{
"kind": "PanelQuery",
"spec": {
"query": {
"kind": "DataQuery",
"group": "influxdb",
"version": "v0",
"datasource": {
"name": "afoiuzkkxju2of"
},
"spec": {
"alias": "rcode=0",
"groupBy": [
{
"params": [
"$interval"
],
"type": "time"
},
{
"params": [
"null"
],
"type": "fill"
}
],
"measurement": "samba_dns_rcode",
"orderByTime": "ASC",
"policy": "default",
"query": "SELECT count(\"client_account\") FROM \"samba_auth\" WHERE (\"status\"::tag = 'NT_STATUS_OK' AND \"account\"::tag =~ /^MACHINE/) AND $timeFilter GROUP BY time($interval), \"domain\"::tag fill(null)",
"rawQuery": false,
"resultFormat": "time_series",
"select": [
[
{
"params": [
"rcode"
],
"type": "field"
},
{
"params": [],
"type": "count"
}
]
],
"tags": [
{
"key": "rcode::field",
"operator": "=",
"value": "0"
},
{
"condition": "AND",
"key": "direction::tag",
"operator": "=",
"value": "out_packet"
}
]
}
},
"refId": "A",
"hidden": false
}
},
{
"kind": "PanelQuery",
"spec": {
"query": {
"kind": "DataQuery",
"group": "influxdb",
"version": "v0",
"datasource": {
"name": "afoiuzkkxju2of"
},
"spec": {
"alias": "rcode=3",
"groupBy": [
{
"params": [
"$interval"
],
"type": "time"
},
{
"params": [
"null"
],
"type": "fill"
}
],
"measurement": "samba_dns_rcode",
"orderByTime": "ASC",
"policy": "default",
"query": "SELECT count(\"client_account\") FROM \"samba_auth\" WHERE (\"status\"::tag = 'NT_STATUS_OK' AND \"account\"::tag =~ /^MACHINE/) AND $timeFilter GROUP BY time($interval), \"domain\"::tag fill(null)",
"rawQuery": false,
"resultFormat": "time_series",
"select": [
[
{
"params": [
"rcode"
],
"type": "field"
},
{
"params": [],
"type": "count"
}
]
],
"tags": [
{
"key": "rcode::field",
"operator": "=",
"value": "3"
},
{
"condition": "AND",
"key": "direction::tag",
"operator": "=",
"value": "out_packet"
}
]
}
},
"refId": "B",
"hidden": false
}
}
],
"transformations": [],
"queryOptions": {}
}
},
"vizConfig": {
"kind": "VizConfig",
"group": "timeseries",
"version": "13.0.1+security-01",
"spec": {
"options": {
"annotations": {
"clustering": -1,
"multiLane": false
},
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"hideZeros": false,
"mode": "single",
"sort": "none"
}
},
"fieldConfig": {
"defaults": {
"thresholds": {
"mode": "absolute",
"steps": [
{
"value": 0,
"color": "green"
},
{
"value": 80,
"color": "red"
}
]
},
"color": {
"mode": "palette-classic"
},
"custom": {
"axisBorderShow": false,
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"barWidthFactor": 0.6,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"insertNulls": false,
"lineInterpolation": "smooth",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "auto",
"showValues": false,
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
}
},
"overrides": []
}
}
}
}
}
},
"layout": {
"kind": "GridLayout",
"spec": {
"items": [
{
"kind": "GridLayoutItem",
"spec": {
"x": 0,
"y": 0,
"width": 24,
"height": 8,
"element": {
"kind": "ElementReference",
"name": "panel-1"
}
}
},
{
"kind": "GridLayoutItem",
"spec": {
"x": 0,
"y": 8,
"width": 24,
"height": 7,
"element": {
"kind": "ElementReference",
"name": "panel-7"
}
}
},
{
"kind": "GridLayoutItem",
"spec": {
"x": 0,
"y": 15,
"width": 24,
"height": 7,
"element": {
"kind": "ElementReference",
"name": "panel-8"
}
}
},
{
"kind": "GridLayoutItem",
"spec": {
"x": 0,
"y": 22,
"width": 12,
"height": 8,
"element": {
"kind": "ElementReference",
"name": "panel-2"
}
}
},
{
"kind": "GridLayoutItem",
"spec": {
"x": 12,
"y": 22,
"width": 12,
"height": 8,
"element": {
"kind": "ElementReference",
"name": "panel-3"
}
}
},
{
"kind": "GridLayoutItem",
"spec": {
"x": 0,
"y": 30,
"width": 12,
"height": 8,
"element": {
"kind": "ElementReference",
"name": "panel-4"
}
}
},
{
"kind": "GridLayoutItem",
"spec": {
"x": 12,
"y": 30,
"width": 12,
"height": 8,
"element": {
"kind": "ElementReference",
"name": "panel-5"
}
}
},
{
"kind": "GridLayoutItem",
"spec": {
"x": 0,
"y": 38,
"width": 12,
"height": 8,
"element": {
"kind": "ElementReference",
"name": "panel-6"
}
}
}
]
}
},
"links": [],
"liveNow": false,
"preload": false,
"tags": [
"samba",
"ad",
"audit"
],
"timeSettings": {
"timezone": "browser",
"from": "now-6h",
"to": "now",
"autoRefresh": "",
"autoRefreshIntervals": [
"5s",
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
],
"hideTimepicker": false,
"fiscalYearStartMonth": 0
},
"title": "Samba AD audit",
"variables": [
{
"kind": "IntervalVariable",
"spec": {
"name": "interval",
"query": "1s,3s,5s,10s,30s,1m,10m,30m,1h,6h,12h,1d,7d,14d,30d",
"current": {
"text": "1m",
"value": "1m"
},
"options": [
{
"selected": true,
"text": "1m",
"value": "1m"
},
{
"selected": false,
"text": "10m",
"value": "10m"
},
{
"selected": false,
"text": "30m",
"value": "30m"
},
{
"selected": false,
"text": "1h",
"value": "1h"
},
{
"selected": false,
"text": "6h",
"value": "6h"
},
{
"selected": false,
"text": "12h",
"value": "12h"
},
{
"selected": false,
"text": "1d",
"value": "1d"
}
],
"auto": false,
"auto_min": "10s",
"auto_count": 30,
"refresh": "onTimeRangeChanged",
"hide": "dontHide",
"skipUrlSync": false
}
}
],
"preferences": {
"layout": {
"kind": "GridLayout",
"spec": {
"items": []
}
}
}
}
}
| 1 | { |
| 2 | "apiVersion": "dashboard.grafana.app/v2", |
| 3 | "kind": "Dashboard", |
| 4 | "metadata": { |
| 5 | "name": "ad-samba-audit", |
| 6 | "namespace": "default", |
| 7 | "uid": "092a783d-214c-46fa-b429-7cb5b93a3f65", |
| 8 | "resourceVersion": "1782469594734004", |
| 9 | "generation": 12, |
| 10 | "creationTimestamp": "2026-06-09T12:20:41Z", |
| 11 | "labels": { |
| 12 | "grafana.app/deprecatedInternalID": "1673156113694720" |
| 13 | }, |
| 14 | "annotations": { |
| 15 | "grafana.app/createdBy": "user:efm4lmr01b20wa", |
| 16 | "grafana.app/folder": "", |
| 17 | "grafana.app/saved-from-ui": "Grafana v13.0.1+security-01 (9bbe672d)", |
| 18 | "grafana.app/updatedBy": "user:efm4lmr01b20wa", |
| 19 | "grafana.app/updatedTimestamp": "2026-06-26T10:26:34Z" |
| 20 | } |
| 21 | }, |
| 22 | "spec": { |
| 23 | "annotations": [ |
| 24 | { |
| 25 | "kind": "AnnotationQuery", |
| 26 | "spec": { |
| 27 | "query": { |
| 28 | "kind": "DataQuery", |
| 29 | "group": "grafana", |
| 30 | "version": "v0", |
| 31 | "spec": {} |
| 32 | }, |
| 33 | "enable": true, |
| 34 | "hide": true, |
| 35 | "iconColor": "rgba(0, 211, 255, 1)", |
| 36 | "name": "Annotations & Alerts", |
| 37 | "builtIn": true |
| 38 | } |
| 39 | } |
| 40 | ], |
| 41 | "cursorSync": "Off", |
| 42 | "editable": true, |
| 43 | "elements": { |
| 44 | "panel-1": { |
| 45 | "kind": "Panel", |
| 46 | "spec": { |
| 47 | "id": 1, |
| 48 | "title": "Logins OK", |
| 49 | "description": "Успешные входы в домен (samba_auth): машинные и пользовательские, разбивка по домену.", |
| 50 | "links": [], |
| 51 | "data": { |
| 52 | "kind": "QueryGroup", |
| 53 | "spec": { |
| 54 | "queries": [ |
| 55 | { |
| 56 | "kind": "PanelQuery", |
| 57 | "spec": { |
| 58 | "query": { |
| 59 | "kind": "DataQuery", |
| 60 | "group": "influxdb", |
| 61 | "version": "v0", |
| 62 | "datasource": { |
| 63 | "name": "afoiuzkkxju2of" |
| 64 | }, |
| 65 | "spec": { |
| 66 | "alias": "machine_login", |
| 67 | "groupBy": [ |
| 68 | { |
| 69 | "params": [ |
| 70 | "$interval" |
| 71 | ], |
| 72 | "type": "time" |
| 73 | }, |
| 74 | { |
| 75 | "params": [ |
| 76 | "domain::tag" |
| 77 | ], |
| 78 | "type": "tag" |
| 79 | }, |
| 80 | { |
| 81 | "params": [ |
| 82 | "null" |
| 83 | ], |
| 84 | "type": "fill" |
| 85 | } |
| 86 | ], |
| 87 | "measurement": "samba_auth", |
| 88 | "orderByTime": "ASC", |
| 89 | "policy": "default", |
| 90 | "query": "SELECT count(\"client_account\") FROM \"samba_auth\" WHERE (\"status\"::tag = 'NT_STATUS_OK' AND \"account\"::tag =~ /^MACHINE/) AND $timeFilter GROUP BY time($interval), \"domain\"::tag fill(null)", |
| 91 | "rawQuery": false, |
| 92 | "resultFormat": "time_series", |
| 93 | "select": [ |
| 94 | [ |
| 95 | { |
| 96 | "params": [ |
| 97 | "client_account" |
| 98 | ], |
| 99 | "type": "field" |
| 100 | }, |
| 101 | { |
| 102 | "params": [], |
| 103 | "type": "count" |
| 104 | } |
| 105 | ] |
| 106 | ], |
| 107 | "tags": [ |
| 108 | { |
| 109 | "key": "status::tag", |
| 110 | "operator": "=", |
| 111 | "value": "NT_STATUS_OK" |
| 112 | }, |
| 113 | { |
| 114 | "condition": "AND", |
| 115 | "key": "account::tag", |
| 116 | "operator": "=~", |
| 117 | "value": "/^MACHINE/" |
| 118 | } |
| 119 | ] |
| 120 | } |
| 121 | }, |
| 122 | "refId": "A", |
| 123 | "hidden": false |
| 124 | } |
| 125 | }, |
| 126 | { |
| 127 | "kind": "PanelQuery", |
| 128 | "spec": { |
| 129 | "query": { |
| 130 | "kind": "DataQuery", |
| 131 | "group": "influxdb", |
| 132 | "version": "v0", |
| 133 | "datasource": { |
| 134 | "name": "afoiuzkkxju2of" |
| 135 | }, |
| 136 | "spec": { |
| 137 | "alias": "user_login", |
| 138 | "groupBy": [ |
| 139 | { |
| 140 | "params": [ |
| 141 | "$interval" |
| 142 | ], |
| 143 | "type": "time" |
| 144 | }, |
| 145 | { |
| 146 | "params": [ |
| 147 | "domain::tag" |
| 148 | ], |
| 149 | "type": "tag" |
| 150 | }, |
| 151 | { |
| 152 | "params": [ |
| 153 | "null" |
| 154 | ], |
| 155 | "type": "fill" |
| 156 | } |
| 157 | ], |
| 158 | "measurement": "samba_auth", |
| 159 | "orderByTime": "ASC", |
| 160 | "policy": "default", |
| 161 | "query": "SELECT count(\"client_account\") FROM \"samba_auth\" WHERE (\"status\"::tag = 'NT_STATUS_OK' AND \"account\"::tag =~ /^user/) AND $timeFilter GROUP BY time($interval), \"domain\"::tag fill(null)", |
| 162 | "rawQuery": false, |
| 163 | "resultFormat": "time_series", |
| 164 | "select": [ |
| 165 | [ |
| 166 | { |
| 167 | "params": [ |
| 168 | "client_account" |
| 169 | ], |
| 170 | "type": "field" |
| 171 | }, |
| 172 | { |
| 173 | "params": [], |
| 174 | "type": "count" |
| 175 | } |
| 176 | ] |
| 177 | ], |
| 178 | "tags": [ |
| 179 | { |
| 180 | "key": "status::tag", |
| 181 | "operator": "=", |
| 182 | "value": "NT_STATUS_OK" |
| 183 | }, |
| 184 | { |
| 185 | "condition": "AND", |
| 186 | "key": "account::tag", |
| 187 | "operator": "=~", |
| 188 | "value": "/^user/" |
| 189 | }, |
| 190 | { |
| 191 | "condition": "OR", |
| 192 | "key": "account::tag", |
| 193 | "operator": "=~", |
| 194 | "value": "/^loadtest/" |
| 195 | } |
| 196 | ] |
| 197 | } |
| 198 | }, |
| 199 | "refId": "B", |
| 200 | "hidden": false |
| 201 | } |
| 202 | } |
| 203 | ], |
| 204 | "transformations": [], |
| 205 | "queryOptions": {} |
| 206 | } |
| 207 | }, |
| 208 | "vizConfig": { |
| 209 | "kind": "VizConfig", |
| 210 | "group": "timeseries", |
| 211 | "version": "13.0.1+security-01", |
| 212 | "spec": { |
| 213 | "options": { |
| 214 | "annotations": { |
| 215 | "clustering": -1, |
| 216 | "multiLane": false |
| 217 | }, |
| 218 | "legend": { |
| 219 | "calcs": [], |
| 220 | "displayMode": "list", |
| 221 | "placement": "bottom", |
| 222 | "showLegend": true |
| 223 | }, |
| 224 | "tooltip": { |
| 225 | "hideZeros": false, |
| 226 | "mode": "single", |
| 227 | "sort": "none" |
| 228 | } |
| 229 | }, |
| 230 | "fieldConfig": { |
| 231 | "defaults": { |
| 232 | "thresholds": { |
| 233 | "mode": "absolute", |
| 234 | "steps": [ |
| 235 | { |
| 236 | "value": 0, |
| 237 | "color": "green" |
| 238 | }, |
| 239 | { |
| 240 | "value": 80, |
| 241 | "color": "red" |
| 242 | } |
| 243 | ] |
| 244 | }, |
| 245 | "color": { |
| 246 | "mode": "palette-classic" |
| 247 | }, |
| 248 | "custom": { |
| 249 | "axisBorderShow": false, |
| 250 | "axisCenteredZero": false, |
| 251 | "axisColorMode": "text", |
| 252 | "axisLabel": "", |
| 253 | "axisPlacement": "auto", |
| 254 | "barAlignment": 0, |
| 255 | "barWidthFactor": 0.6, |
| 256 | "drawStyle": "line", |
| 257 | "fillOpacity": 10, |
| 258 | "gradientMode": "none", |
| 259 | "hideFrom": { |
| 260 | "legend": false, |
| 261 | "tooltip": false, |
| 262 | "viz": false |
| 263 | }, |
| 264 | "insertNulls": false, |
| 265 | "lineInterpolation": "smooth", |
| 266 | "lineWidth": 1, |
| 267 | "pointSize": 5, |
| 268 | "scaleDistribution": { |
| 269 | "type": "linear" |
| 270 | }, |
| 271 | "showPoints": "auto", |
| 272 | "showValues": false, |
| 273 | "spanNulls": false, |
| 274 | "stacking": { |
| 275 | "group": "A", |
| 276 | "mode": "none" |
| 277 | }, |
| 278 | "thresholdsStyle": { |
| 279 | "mode": "off" |
| 280 | } |
| 281 | } |
| 282 | }, |
| 283 | "overrides": [] |
| 284 | } |
| 285 | } |
| 286 | } |
| 287 | } |
| 288 | }, |
| 289 | "panel-2": { |
| 290 | "kind": "Panel", |
| 291 | "spec": { |
| 292 | "id": 2, |
| 293 | "title": "DSDB: изменения по операциям", |
| 294 | "description": "Число изменений объектов каталога (samba_dsdb), разбивка по типу операции.", |
| 295 | "links": [], |
| 296 | "data": { |
| 297 | "kind": "QueryGroup", |
| 298 | "spec": { |
| 299 | "queries": [ |
| 300 | { |
| 301 | "kind": "PanelQuery", |
| 302 | "spec": { |
| 303 | "query": { |
| 304 | "kind": "DataQuery", |
| 305 | "group": "influxdb", |
| 306 | "version": "v0", |
| 307 | "datasource": { |
| 308 | "name": "afoiuzkkxju2of" |
| 309 | }, |
| 310 | "spec": { |
| 311 | "groupBy": [], |
| 312 | "measurement": "samba_dsdb", |
| 313 | "orderByTime": "ASC", |
| 314 | "policy": "default", |
| 315 | "query": "SELECT count(\"status_code\") FROM \"samba_dsdb\" WHERE $timeFilter GROUP BY time($interval), \"operation\"::tag fill(null)", |
| 316 | "rawQuery": true, |
| 317 | "resultFormat": "time_series", |
| 318 | "select": [], |
| 319 | "tags": [] |
| 320 | } |
| 321 | }, |
| 322 | "refId": "A", |
| 323 | "hidden": false |
| 324 | } |
| 325 | } |
| 326 | ], |
| 327 | "transformations": [], |
| 328 | "queryOptions": {} |
| 329 | } |
| 330 | }, |
| 331 | "vizConfig": { |
| 332 | "kind": "VizConfig", |
| 333 | "group": "timeseries", |
| 334 | "version": "13.0.1+security-01", |
| 335 | "spec": { |
| 336 | "options": { |
| 337 | "annotations": { |
| 338 | "clustering": -1, |
| 339 | "multiLane": false |
| 340 | }, |
| 341 | "legend": { |
| 342 | "calcs": [], |
| 343 | "displayMode": "list", |
| 344 | "placement": "bottom", |
| 345 | "showLegend": true |
| 346 | }, |
| 347 | "tooltip": { |
| 348 | "hideZeros": false, |
| 349 | "mode": "multi", |
| 350 | "sort": "desc" |
| 351 | } |
| 352 | }, |
| 353 | "fieldConfig": { |
| 354 | "defaults": { |
| 355 | "thresholds": { |
| 356 | "mode": "absolute", |
| 357 | "steps": [ |
| 358 | { |
| 359 | "value": 0, |
| 360 | "color": "green" |
| 361 | }, |
| 362 | { |
| 363 | "value": 80, |
| 364 | "color": "red" |
| 365 | } |
| 366 | ] |
| 367 | }, |
| 368 | "color": { |
| 369 | "mode": "palette-classic" |
| 370 | }, |
| 371 | "custom": { |
| 372 | "axisBorderShow": false, |
| 373 | "axisCenteredZero": false, |
| 374 | "axisColorMode": "text", |
| 375 | "axisLabel": "", |
| 376 | "axisPlacement": "auto", |
| 377 | "barAlignment": 0, |
| 378 | "barWidthFactor": 0.6, |
| 379 | "drawStyle": "bars", |
| 380 | "fillOpacity": 50, |
| 381 | "gradientMode": "none", |
| 382 | "hideFrom": { |
| 383 | "legend": false, |
| 384 | "tooltip": false, |
| 385 | "viz": false |
| 386 | }, |
| 387 | "insertNulls": false, |
| 388 | "lineInterpolation": "linear", |
| 389 | "lineWidth": 1, |
| 390 | "pointSize": 5, |
| 391 | "scaleDistribution": { |
| 392 | "type": "linear" |
| 393 | }, |
| 394 | "showPoints": "auto", |
| 395 | "showValues": false, |
| 396 | "spanNulls": false, |
| 397 | "stacking": { |
| 398 | "group": "A", |
| 399 | "mode": "normal" |
| 400 | }, |
| 401 | "thresholdsStyle": { |
| 402 | "mode": "off" |
| 403 | } |
| 404 | } |
| 405 | }, |
| 406 | "overrides": [] |
| 407 | } |
| 408 | } |
| 409 | } |
| 410 | } |
| 411 | }, |
| 412 | "panel-3": { |
| 413 | "kind": "Panel", |
| 414 | "spec": { |
| 415 | "id": 3, |
| 416 | "title": "DSDB: система vs пользователь", |
| 417 | "description": "Изменения каталога с разбивкой по performedAsSystem (true = выполнено системой).", |
| 418 | "links": [], |
| 419 | "data": { |
| 420 | "kind": "QueryGroup", |
| 421 | "spec": { |
| 422 | "queries": [ |
| 423 | { |
| 424 | "kind": "PanelQuery", |
| 425 | "spec": { |
| 426 | "query": { |
| 427 | "kind": "DataQuery", |
| 428 | "group": "influxdb", |
| 429 | "version": "v0", |
| 430 | "datasource": { |
| 431 | "name": "afoiuzkkxju2of" |
| 432 | }, |
| 433 | "spec": { |
| 434 | "groupBy": [], |
| 435 | "measurement": "samba_dsdb", |
| 436 | "orderByTime": "ASC", |
| 437 | "policy": "default", |
| 438 | "query": "SELECT count(\"status_code\") FROM \"samba_dsdb\" WHERE $timeFilter GROUP BY time($interval), \"as_system\"::tag fill(null)", |
| 439 | "rawQuery": true, |
| 440 | "resultFormat": "time_series", |
| 441 | "select": [], |
| 442 | "tags": [] |
| 443 | } |
| 444 | }, |
| 445 | "refId": "A", |
| 446 | "hidden": false |
| 447 | } |
| 448 | } |
| 449 | ], |
| 450 | "transformations": [], |
| 451 | "queryOptions": {} |
| 452 | } |
| 453 | }, |
| 454 | "vizConfig": { |
| 455 | "kind": "VizConfig", |
| 456 | "group": "timeseries", |
| 457 | "version": "13.0.1+security-01", |
| 458 | "spec": { |
| 459 | "options": { |
| 460 | "annotations": { |
| 461 | "clustering": -1, |
| 462 | "multiLane": false |
| 463 | }, |
| 464 | "legend": { |
| 465 | "calcs": [], |
| 466 | "displayMode": "list", |
| 467 | "placement": "bottom", |
| 468 | "showLegend": true |
| 469 | }, |
| 470 | "tooltip": { |
| 471 | "hideZeros": false, |
| 472 | "mode": "multi", |
| 473 | "sort": "desc" |
| 474 | } |
| 475 | }, |
| 476 | "fieldConfig": { |
| 477 | "defaults": { |
| 478 | "thresholds": { |
| 479 | "mode": "absolute", |
| 480 | "steps": [ |
| 481 | { |
| 482 | "value": 0, |
| 483 | "color": "green" |
| 484 | }, |
| 485 | { |
| 486 | "value": 80, |
| 487 | "color": "red" |
| 488 | } |
| 489 | ] |
| 490 | }, |
| 491 | "color": { |
| 492 | "mode": "palette-classic" |
| 493 | }, |
| 494 | "custom": { |
| 495 | "axisBorderShow": false, |
| 496 | "axisCenteredZero": false, |
| 497 | "axisColorMode": "text", |
| 498 | "axisLabel": "", |
| 499 | "axisPlacement": "auto", |
| 500 | "barAlignment": 0, |
| 501 | "barWidthFactor": 0.6, |
| 502 | "drawStyle": "line", |
| 503 | "fillOpacity": 20, |
| 504 | "gradientMode": "none", |
| 505 | "hideFrom": { |
| 506 | "legend": false, |
| 507 | "tooltip": false, |
| 508 | "viz": false |
| 509 | }, |
| 510 | "insertNulls": false, |
| 511 | "lineInterpolation": "smooth", |
| 512 | "lineWidth": 1, |
| 513 | "pointSize": 5, |
| 514 | "scaleDistribution": { |
| 515 | "type": "linear" |
| 516 | }, |
| 517 | "showPoints": "auto", |
| 518 | "showValues": false, |
| 519 | "spanNulls": false, |
| 520 | "stacking": { |
| 521 | "group": "A", |
| 522 | "mode": "none" |
| 523 | }, |
| 524 | "thresholdsStyle": { |
| 525 | "mode": "off" |
| 526 | } |
| 527 | } |
| 528 | }, |
| 529 | "overrides": [] |
| 530 | } |
| 531 | } |
| 532 | } |
| 533 | } |
| 534 | }, |
| 535 | "panel-4": { |
| 536 | "kind": "Panel", |
| 537 | "spec": { |
| 538 | "id": 4, |
| 539 | "title": "DSDB: топ инициаторов (SID)", |
| 540 | "description": "Кто инициировал изменения каталога — разбивка по userSid.", |
| 541 | "links": [], |
| 542 | "data": { |
| 543 | "kind": "QueryGroup", |
| 544 | "spec": { |
| 545 | "queries": [ |
| 546 | { |
| 547 | "kind": "PanelQuery", |
| 548 | "spec": { |
| 549 | "query": { |
| 550 | "kind": "DataQuery", |
| 551 | "group": "influxdb", |
| 552 | "version": "v0", |
| 553 | "datasource": { |
| 554 | "name": "afoiuzkkxju2of" |
| 555 | }, |
| 556 | "spec": { |
| 557 | "groupBy": [], |
| 558 | "measurement": "samba_dsdb", |
| 559 | "orderByTime": "ASC", |
| 560 | "policy": "default", |
| 561 | "query": "SELECT count(\"status_code\") FROM \"samba_dsdb\" WHERE $timeFilter GROUP BY time($interval), \"user_sid\"::tag fill(null)", |
| 562 | "rawQuery": true, |
| 563 | "resultFormat": "time_series", |
| 564 | "select": [], |
| 565 | "tags": [] |
| 566 | } |
| 567 | }, |
| 568 | "refId": "A", |
| 569 | "hidden": false |
| 570 | } |
| 571 | } |
| 572 | ], |
| 573 | "transformations": [], |
| 574 | "queryOptions": {} |
| 575 | } |
| 576 | }, |
| 577 | "vizConfig": { |
| 578 | "kind": "VizConfig", |
| 579 | "group": "timeseries", |
| 580 | "version": "13.0.1+security-01", |
| 581 | "spec": { |
| 582 | "options": { |
| 583 | "annotations": { |
| 584 | "clustering": -1, |
| 585 | "multiLane": false |
| 586 | }, |
| 587 | "legend": { |
| 588 | "calcs": [ |
| 589 | "sum" |
| 590 | ], |
| 591 | "displayMode": "table", |
| 592 | "placement": "right", |
| 593 | "showLegend": true |
| 594 | }, |
| 595 | "tooltip": { |
| 596 | "hideZeros": false, |
| 597 | "mode": "multi", |
| 598 | "sort": "desc" |
| 599 | } |
| 600 | }, |
| 601 | "fieldConfig": { |
| 602 | "defaults": { |
| 603 | "thresholds": { |
| 604 | "mode": "absolute", |
| 605 | "steps": [ |
| 606 | { |
| 607 | "value": 0, |
| 608 | "color": "green" |
| 609 | }, |
| 610 | { |
| 611 | "value": 80, |
| 612 | "color": "red" |
| 613 | } |
| 614 | ] |
| 615 | }, |
| 616 | "color": { |
| 617 | "mode": "palette-classic" |
| 618 | }, |
| 619 | "custom": { |
| 620 | "axisBorderShow": false, |
| 621 | "axisCenteredZero": false, |
| 622 | "axisColorMode": "text", |
| 623 | "axisLabel": "", |
| 624 | "axisPlacement": "auto", |
| 625 | "barAlignment": 0, |
| 626 | "barWidthFactor": 0.6, |
| 627 | "drawStyle": "bars", |
| 628 | "fillOpacity": 50, |
| 629 | "gradientMode": "none", |
| 630 | "hideFrom": { |
| 631 | "legend": false, |
| 632 | "tooltip": false, |
| 633 | "viz": false |
| 634 | }, |
| 635 | "insertNulls": false, |
| 636 | "lineInterpolation": "linear", |
| 637 | "lineWidth": 1, |
| 638 | "pointSize": 5, |
| 639 | "scaleDistribution": { |
| 640 | "type": "linear" |
| 641 | }, |
| 642 | "showPoints": "auto", |
| 643 | "showValues": false, |
| 644 | "spanNulls": false, |
| 645 | "stacking": { |
| 646 | "group": "A", |
| 647 | "mode": "normal" |
| 648 | }, |
| 649 | "thresholdsStyle": { |
| 650 | "mode": "off" |
| 651 | } |
| 652 | } |
| 653 | }, |
| 654 | "overrides": [] |
| 655 | } |
| 656 | } |
| 657 | } |
| 658 | } |
| 659 | }, |
| 660 | "panel-5": { |
| 661 | "kind": "Panel", |
| 662 | "spec": { |
| 663 | "id": 5, |
| 664 | "title": "Транзакции: длительность (mean/max)", |
| 665 | "description": "Длительность транзакций каталога (samba_dsdb_tx) в микросекундах.", |
| 666 | "links": [], |
| 667 | "data": { |
| 668 | "kind": "QueryGroup", |
| 669 | "spec": { |
| 670 | "queries": [ |
| 671 | { |
| 672 | "kind": "PanelQuery", |
| 673 | "spec": { |
| 674 | "query": { |
| 675 | "kind": "DataQuery", |
| 676 | "group": "influxdb", |
| 677 | "version": "v0", |
| 678 | "datasource": { |
| 679 | "name": "afoiuzkkxju2of" |
| 680 | }, |
| 681 | "spec": { |
| 682 | "groupBy": [], |
| 683 | "measurement": "samba_dsdb_tx", |
| 684 | "orderByTime": "ASC", |
| 685 | "policy": "default", |
| 686 | "query": "SELECT mean(\"duration\") AS \"mean\", max(\"duration\") AS \"max\" FROM \"samba_dsdb_tx\" WHERE $timeFilter GROUP BY time($interval) fill(null)", |
| 687 | "rawQuery": true, |
| 688 | "resultFormat": "time_series", |
| 689 | "select": [], |
| 690 | "tags": [] |
| 691 | } |
| 692 | }, |
| 693 | "refId": "A", |
| 694 | "hidden": false |
| 695 | } |
| 696 | } |
| 697 | ], |
| 698 | "transformations": [], |
| 699 | "queryOptions": {} |
| 700 | } |
| 701 | }, |
| 702 | "vizConfig": { |
| 703 | "kind": "VizConfig", |
| 704 | "group": "timeseries", |
| 705 | "version": "13.0.1+security-01", |
| 706 | "spec": { |
| 707 | "options": { |
| 708 | "annotations": { |
| 709 | "clustering": -1, |
| 710 | "multiLane": false |
| 711 | }, |
| 712 | "legend": { |
| 713 | "calcs": [ |
| 714 | "mean", |
| 715 | "max" |
| 716 | ], |
| 717 | "displayMode": "table", |
| 718 | "placement": "bottom", |
| 719 | "showLegend": true |
| 720 | }, |
| 721 | "tooltip": { |
| 722 | "hideZeros": false, |
| 723 | "mode": "multi", |
| 724 | "sort": "desc" |
| 725 | } |
| 726 | }, |
| 727 | "fieldConfig": { |
| 728 | "defaults": { |
| 729 | "unit": "µs", |
| 730 | "thresholds": { |
| 731 | "mode": "absolute", |
| 732 | "steps": [ |
| 733 | { |
| 734 | "value": 0, |
| 735 | "color": "green" |
| 736 | }, |
| 737 | { |
| 738 | "value": 80, |
| 739 | "color": "red" |
| 740 | } |
| 741 | ] |
| 742 | }, |
| 743 | "color": { |
| 744 | "mode": "palette-classic" |
| 745 | }, |
| 746 | "custom": { |
| 747 | "axisBorderShow": false, |
| 748 | "axisCenteredZero": false, |
| 749 | "axisColorMode": "text", |
| 750 | "axisLabel": "", |
| 751 | "axisPlacement": "auto", |
| 752 | "barAlignment": 0, |
| 753 | "barWidthFactor": 0.6, |
| 754 | "drawStyle": "line", |
| 755 | "fillOpacity": 10, |
| 756 | "gradientMode": "none", |
| 757 | "hideFrom": { |
| 758 | "legend": false, |
| 759 | "tooltip": false, |
| 760 | "viz": false |
| 761 | }, |
| 762 | "insertNulls": false, |
| 763 | "lineInterpolation": "smooth", |
| 764 | "lineWidth": 1, |
| 765 | "pointSize": 5, |
| 766 | "scaleDistribution": { |
| 767 | "type": "linear" |
| 768 | }, |
| 769 | "showPoints": "auto", |
| 770 | "showValues": false, |
| 771 | "spanNulls": false, |
| 772 | "stacking": { |
| 773 | "group": "A", |
| 774 | "mode": "none" |
| 775 | }, |
| 776 | "thresholdsStyle": { |
| 777 | "mode": "off" |
| 778 | } |
| 779 | } |
| 780 | }, |
| 781 | "overrides": [] |
| 782 | } |
| 783 | } |
| 784 | } |
| 785 | } |
| 786 | }, |
| 787 | "panel-6": { |
| 788 | "kind": "Panel", |
| 789 | "spec": { |
| 790 | "id": 6, |
| 791 | "title": "Транзакции по типу действия", |
| 792 | "description": "Число транзакций каталога, разбивка по action (commit / rollback / prepare commit / begin).", |
| 793 | "links": [], |
| 794 | "data": { |
| 795 | "kind": "QueryGroup", |
| 796 | "spec": { |
| 797 | "queries": [ |
| 798 | { |
| 799 | "kind": "PanelQuery", |
| 800 | "spec": { |
| 801 | "query": { |
| 802 | "kind": "DataQuery", |
| 803 | "group": "influxdb", |
| 804 | "version": "v0", |
| 805 | "datasource": { |
| 806 | "name": "afoiuzkkxju2of" |
| 807 | }, |
| 808 | "spec": { |
| 809 | "groupBy": [], |
| 810 | "measurement": "samba_dsdb_tx", |
| 811 | "orderByTime": "ASC", |
| 812 | "policy": "default", |
| 813 | "query": "SELECT count(\"duration\") FROM \"samba_dsdb_tx\" WHERE $timeFilter GROUP BY time($interval), \"action\"::tag fill(null)", |
| 814 | "rawQuery": true, |
| 815 | "resultFormat": "time_series", |
| 816 | "select": [], |
| 817 | "tags": [] |
| 818 | } |
| 819 | }, |
| 820 | "refId": "A", |
| 821 | "hidden": false |
| 822 | } |
| 823 | } |
| 824 | ], |
| 825 | "transformations": [], |
| 826 | "queryOptions": {} |
| 827 | } |
| 828 | }, |
| 829 | "vizConfig": { |
| 830 | "kind": "VizConfig", |
| 831 | "group": "timeseries", |
| 832 | "version": "13.0.1+security-01", |
| 833 | "spec": { |
| 834 | "options": { |
| 835 | "annotations": { |
| 836 | "clustering": -1, |
| 837 | "multiLane": false |
| 838 | }, |
| 839 | "legend": { |
| 840 | "calcs": [], |
| 841 | "displayMode": "list", |
| 842 | "placement": "bottom", |
| 843 | "showLegend": true |
| 844 | }, |
| 845 | "tooltip": { |
| 846 | "hideZeros": false, |
| 847 | "mode": "multi", |
| 848 | "sort": "desc" |
| 849 | } |
| 850 | }, |
| 851 | "fieldConfig": { |
| 852 | "defaults": { |
| 853 | "thresholds": { |
| 854 | "mode": "absolute", |
| 855 | "steps": [ |
| 856 | { |
| 857 | "value": 0, |
| 858 | "color": "green" |
| 859 | }, |
| 860 | { |
| 861 | "value": 80, |
| 862 | "color": "red" |
| 863 | } |
| 864 | ] |
| 865 | }, |
| 866 | "color": { |
| 867 | "mode": "palette-classic" |
| 868 | }, |
| 869 | "custom": { |
| 870 | "axisBorderShow": false, |
| 871 | "axisCenteredZero": false, |
| 872 | "axisColorMode": "text", |
| 873 | "axisLabel": "", |
| 874 | "axisPlacement": "auto", |
| 875 | "barAlignment": 0, |
| 876 | "barWidthFactor": 0.6, |
| 877 | "drawStyle": "bars", |
| 878 | "fillOpacity": 50, |
| 879 | "gradientMode": "none", |
| 880 | "hideFrom": { |
| 881 | "legend": false, |
| 882 | "tooltip": false, |
| 883 | "viz": false |
| 884 | }, |
| 885 | "insertNulls": false, |
| 886 | "lineInterpolation": "linear", |
| 887 | "lineWidth": 1, |
| 888 | "pointSize": 5, |
| 889 | "scaleDistribution": { |
| 890 | "type": "linear" |
| 891 | }, |
| 892 | "showPoints": "auto", |
| 893 | "showValues": false, |
| 894 | "spanNulls": false, |
| 895 | "stacking": { |
| 896 | "group": "A", |
| 897 | "mode": "normal" |
| 898 | }, |
| 899 | "thresholdsStyle": { |
| 900 | "mode": "off" |
| 901 | } |
| 902 | } |
| 903 | }, |
| 904 | "overrides": [] |
| 905 | } |
| 906 | } |
| 907 | } |
| 908 | } |
| 909 | }, |
| 910 | "panel-7": { |
| 911 | "kind": "Panel", |
| 912 | "spec": { |
| 913 | "id": 7, |
| 914 | "title": "SMB activity", |
| 915 | "description": "", |
| 916 | "links": [], |
| 917 | "data": { |
| 918 | "kind": "QueryGroup", |
| 919 | "spec": { |
| 920 | "queries": [ |
| 921 | { |
| 922 | "kind": "PanelQuery", |
| 923 | "spec": { |
| 924 | "query": { |
| 925 | "kind": "DataQuery", |
| 926 | "group": "influxdb", |
| 927 | "version": "v0", |
| 928 | "datasource": { |
| 929 | "name": "afoiuzkkxju2of" |
| 930 | }, |
| 931 | "spec": { |
| 932 | "alias": "user_smb", |
| 933 | "groupBy": [ |
| 934 | { |
| 935 | "params": [ |
| 936 | "$interval" |
| 937 | ], |
| 938 | "type": "time" |
| 939 | }, |
| 940 | { |
| 941 | "params": [ |
| 942 | "domain::tag" |
| 943 | ], |
| 944 | "type": "tag" |
| 945 | }, |
| 946 | { |
| 947 | "params": [ |
| 948 | "null" |
| 949 | ], |
| 950 | "type": "fill" |
| 951 | } |
| 952 | ], |
| 953 | "measurement": "samba_authz", |
| 954 | "orderByTime": "ASC", |
| 955 | "policy": "default", |
| 956 | "query": "SELECT count(\"client_account\") FROM \"samba_auth\" WHERE (\"status\"::tag = 'NT_STATUS_OK' AND \"account\"::tag =~ /^MACHINE/) AND $timeFilter GROUP BY time($interval), \"domain\"::tag fill(null)", |
| 957 | "rawQuery": false, |
| 958 | "resultFormat": "time_series", |
| 959 | "select": [ |
| 960 | [ |
| 961 | { |
| 962 | "params": [ |
| 963 | "auth_type" |
| 964 | ], |
| 965 | "type": "field" |
| 966 | }, |
| 967 | { |
| 968 | "params": [], |
| 969 | "type": "count" |
| 970 | } |
| 971 | ] |
| 972 | ], |
| 973 | "tags": [ |
| 974 | { |
| 975 | "key": "service::tag", |
| 976 | "operator": "=", |
| 977 | "value": "SMB2" |
| 978 | }, |
| 979 | { |
| 980 | "condition": "AND", |
| 981 | "key": "auth_type::field", |
| 982 | "operator": "=", |
| 983 | "value": "krb5" |
| 984 | }, |
| 985 | { |
| 986 | "condition": "AND", |
| 987 | "key": "account::tag", |
| 988 | "operator": "=~", |
| 989 | "value": "/^user-/" |
| 990 | } |
| 991 | ] |
| 992 | } |
| 993 | }, |
| 994 | "refId": "A", |
| 995 | "hidden": false |
| 996 | } |
| 997 | }, |
| 998 | { |
| 999 | "kind": "PanelQuery", |
| 1000 | "spec": { |
| 1001 | "query": { |
| 1002 | "kind": "DataQuery", |
| 1003 | "group": "influxdb", |
| 1004 | "version": "v0", |
| 1005 | "datasource": { |
| 1006 | "name": "afoiuzkkxju2of" |
| 1007 | }, |
| 1008 | "spec": { |
| 1009 | "alias": "machine_smb", |
| 1010 | "groupBy": [ |
| 1011 | { |
| 1012 | "params": [ |
| 1013 | "$interval" |
| 1014 | ], |
| 1015 | "type": "time" |
| 1016 | }, |
| 1017 | { |
| 1018 | "params": [ |
| 1019 | "domain::tag" |
| 1020 | ], |
| 1021 | "type": "tag" |
| 1022 | }, |
| 1023 | { |
| 1024 | "params": [ |
| 1025 | "null" |
| 1026 | ], |
| 1027 | "type": "fill" |
| 1028 | } |
| 1029 | ], |
| 1030 | "measurement": "samba_authz", |
| 1031 | "orderByTime": "ASC", |
| 1032 | "policy": "default", |
| 1033 | "query": "SELECT count(\"client_account\") FROM \"samba_auth\" WHERE (\"status\"::tag = 'NT_STATUS_OK' AND \"account\"::tag =~ /^MACHINE/) AND $timeFilter GROUP BY time($interval), \"domain\"::tag fill(null)", |
| 1034 | "rawQuery": false, |
| 1035 | "resultFormat": "time_series", |
| 1036 | "select": [ |
| 1037 | [ |
| 1038 | { |
| 1039 | "params": [ |
| 1040 | "auth_type" |
| 1041 | ], |
| 1042 | "type": "field" |
| 1043 | }, |
| 1044 | { |
| 1045 | "params": [], |
| 1046 | "type": "count" |
| 1047 | } |
| 1048 | ] |
| 1049 | ], |
| 1050 | "tags": [ |
| 1051 | { |
| 1052 | "key": "service::tag", |
| 1053 | "operator": "=", |
| 1054 | "value": "SMB2" |
| 1055 | }, |
| 1056 | { |
| 1057 | "condition": "AND", |
| 1058 | "key": "auth_type::field", |
| 1059 | "operator": "=", |
| 1060 | "value": "krb5" |
| 1061 | }, |
| 1062 | { |
| 1063 | "condition": "AND", |
| 1064 | "key": "account::tag", |
| 1065 | "operator": "=~", |
| 1066 | "value": "/^MACHINE/" |
| 1067 | } |
| 1068 | ] |
| 1069 | } |
| 1070 | }, |
| 1071 | "refId": "B", |
| 1072 | "hidden": false |
| 1073 | } |
| 1074 | } |
| 1075 | ], |
| 1076 | "transformations": [], |
| 1077 | "queryOptions": {} |
| 1078 | } |
| 1079 | }, |
| 1080 | "vizConfig": { |
| 1081 | "kind": "VizConfig", |
| 1082 | "group": "timeseries", |
| 1083 | "version": "13.0.1+security-01", |
| 1084 | "spec": { |
| 1085 | "options": { |
| 1086 | "annotations": { |
| 1087 | "clustering": -1, |
| 1088 | "multiLane": false |
| 1089 | }, |
| 1090 | "legend": { |
| 1091 | "calcs": [], |
| 1092 | "displayMode": "list", |
| 1093 | "placement": "bottom", |
| 1094 | "showLegend": true |
| 1095 | }, |
| 1096 | "tooltip": { |
| 1097 | "hideZeros": false, |
| 1098 | "mode": "single", |
| 1099 | "sort": "none" |
| 1100 | } |
| 1101 | }, |
| 1102 | "fieldConfig": { |
| 1103 | "defaults": { |
| 1104 | "thresholds": { |
| 1105 | "mode": "absolute", |
| 1106 | "steps": [ |
| 1107 | { |
| 1108 | "value": 0, |
| 1109 | "color": "green" |
| 1110 | }, |
| 1111 | { |
| 1112 | "value": 80, |
| 1113 | "color": "red" |
| 1114 | } |
| 1115 | ] |
| 1116 | }, |
| 1117 | "color": { |
| 1118 | "mode": "palette-classic" |
| 1119 | }, |
| 1120 | "custom": { |
| 1121 | "axisBorderShow": false, |
| 1122 | "axisCenteredZero": false, |
| 1123 | "axisColorMode": "text", |
| 1124 | "axisLabel": "", |
| 1125 | "axisPlacement": "auto", |
| 1126 | "barAlignment": 0, |
| 1127 | "barWidthFactor": 0.6, |
| 1128 | "drawStyle": "line", |
| 1129 | "fillOpacity": 10, |
| 1130 | "gradientMode": "none", |
| 1131 | "hideFrom": { |
| 1132 | "legend": false, |
| 1133 | "tooltip": false, |
| 1134 | "viz": false |
| 1135 | }, |
| 1136 | "insertNulls": false, |
| 1137 | "lineInterpolation": "smooth", |
| 1138 | "lineWidth": 1, |
| 1139 | "pointSize": 5, |
| 1140 | "scaleDistribution": { |
| 1141 | "type": "linear" |
| 1142 | }, |
| 1143 | "showPoints": "auto", |
| 1144 | "showValues": false, |
| 1145 | "spanNulls": false, |
| 1146 | "stacking": { |
| 1147 | "group": "A", |
| 1148 | "mode": "none" |
| 1149 | }, |
| 1150 | "thresholdsStyle": { |
| 1151 | "mode": "off" |
| 1152 | } |
| 1153 | } |
| 1154 | }, |
| 1155 | "overrides": [] |
| 1156 | } |
| 1157 | } |
| 1158 | } |
| 1159 | } |
| 1160 | }, |
| 1161 | "panel-8": { |
| 1162 | "kind": "Panel", |
| 1163 | "spec": { |
| 1164 | "id": 8, |
| 1165 | "title": "DNS activity", |
| 1166 | "description": "", |
| 1167 | "links": [], |
| 1168 | "data": { |
| 1169 | "kind": "QueryGroup", |
| 1170 | "spec": { |
| 1171 | "queries": [ |
| 1172 | { |
| 1173 | "kind": "PanelQuery", |
| 1174 | "spec": { |
| 1175 | "query": { |
| 1176 | "kind": "DataQuery", |
| 1177 | "group": "influxdb", |
| 1178 | "version": "v0", |
| 1179 | "datasource": { |
| 1180 | "name": "afoiuzkkxju2of" |
| 1181 | }, |
| 1182 | "spec": { |
| 1183 | "alias": "rcode=0", |
| 1184 | "groupBy": [ |
| 1185 | { |
| 1186 | "params": [ |
| 1187 | "$interval" |
| 1188 | ], |
| 1189 | "type": "time" |
| 1190 | }, |
| 1191 | { |
| 1192 | "params": [ |
| 1193 | "null" |
| 1194 | ], |
| 1195 | "type": "fill" |
| 1196 | } |
| 1197 | ], |
| 1198 | "measurement": "samba_dns_rcode", |
| 1199 | "orderByTime": "ASC", |
| 1200 | "policy": "default", |
| 1201 | "query": "SELECT count(\"client_account\") FROM \"samba_auth\" WHERE (\"status\"::tag = 'NT_STATUS_OK' AND \"account\"::tag =~ /^MACHINE/) AND $timeFilter GROUP BY time($interval), \"domain\"::tag fill(null)", |
| 1202 | "rawQuery": false, |
| 1203 | "resultFormat": "time_series", |
| 1204 | "select": [ |
| 1205 | [ |
| 1206 | { |
| 1207 | "params": [ |
| 1208 | "rcode" |
| 1209 | ], |
| 1210 | "type": "field" |
| 1211 | }, |
| 1212 | { |
| 1213 | "params": [], |
| 1214 | "type": "count" |
| 1215 | } |
| 1216 | ] |
| 1217 | ], |
| 1218 | "tags": [ |
| 1219 | { |
| 1220 | "key": "rcode::field", |
| 1221 | "operator": "=", |
| 1222 | "value": "0" |
| 1223 | }, |
| 1224 | { |
| 1225 | "condition": "AND", |
| 1226 | "key": "direction::tag", |
| 1227 | "operator": "=", |
| 1228 | "value": "out_packet" |
| 1229 | } |
| 1230 | ] |
| 1231 | } |
| 1232 | }, |
| 1233 | "refId": "A", |
| 1234 | "hidden": false |
| 1235 | } |
| 1236 | }, |
| 1237 | { |
| 1238 | "kind": "PanelQuery", |
| 1239 | "spec": { |
| 1240 | "query": { |
| 1241 | "kind": "DataQuery", |
| 1242 | "group": "influxdb", |
| 1243 | "version": "v0", |
| 1244 | "datasource": { |
| 1245 | "name": "afoiuzkkxju2of" |
| 1246 | }, |
| 1247 | "spec": { |
| 1248 | "alias": "rcode=3", |
| 1249 | "groupBy": [ |
| 1250 | { |
| 1251 | "params": [ |
| 1252 | "$interval" |
| 1253 | ], |
| 1254 | "type": "time" |
| 1255 | }, |
| 1256 | { |
| 1257 | "params": [ |
| 1258 | "null" |
| 1259 | ], |
| 1260 | "type": "fill" |
| 1261 | } |
| 1262 | ], |
| 1263 | "measurement": "samba_dns_rcode", |
| 1264 | "orderByTime": "ASC", |
| 1265 | "policy": "default", |
| 1266 | "query": "SELECT count(\"client_account\") FROM \"samba_auth\" WHERE (\"status\"::tag = 'NT_STATUS_OK' AND \"account\"::tag =~ /^MACHINE/) AND $timeFilter GROUP BY time($interval), \"domain\"::tag fill(null)", |
| 1267 | "rawQuery": false, |
| 1268 | "resultFormat": "time_series", |
| 1269 | "select": [ |
| 1270 | [ |
| 1271 | { |
| 1272 | "params": [ |
| 1273 | "rcode" |
| 1274 | ], |
| 1275 | "type": "field" |
| 1276 | }, |
| 1277 | { |
| 1278 | "params": [], |
| 1279 | "type": "count" |
| 1280 | } |
| 1281 | ] |
| 1282 | ], |
| 1283 | "tags": [ |
| 1284 | { |
| 1285 | "key": "rcode::field", |
| 1286 | "operator": "=", |
| 1287 | "value": "3" |
| 1288 | }, |
| 1289 | { |
| 1290 | "condition": "AND", |
| 1291 | "key": "direction::tag", |
| 1292 | "operator": "=", |
| 1293 | "value": "out_packet" |
| 1294 | } |
| 1295 | ] |
| 1296 | } |
| 1297 | }, |
| 1298 | "refId": "B", |
| 1299 | "hidden": false |
| 1300 | } |
| 1301 | } |
| 1302 | ], |
| 1303 | "transformations": [], |
| 1304 | "queryOptions": {} |
| 1305 | } |
| 1306 | }, |
| 1307 | "vizConfig": { |
| 1308 | "kind": "VizConfig", |
| 1309 | "group": "timeseries", |
| 1310 | "version": "13.0.1+security-01", |
| 1311 | "spec": { |
| 1312 | "options": { |
| 1313 | "annotations": { |
| 1314 | "clustering": -1, |
| 1315 | "multiLane": false |
| 1316 | }, |
| 1317 | "legend": { |
| 1318 | "calcs": [], |
| 1319 | "displayMode": "list", |
| 1320 | "placement": "bottom", |
| 1321 | "showLegend": true |
| 1322 | }, |
| 1323 | "tooltip": { |
| 1324 | "hideZeros": false, |
| 1325 | "mode": "single", |
| 1326 | "sort": "none" |
| 1327 | } |
| 1328 | }, |
| 1329 | "fieldConfig": { |
| 1330 | "defaults": { |
| 1331 | "thresholds": { |
| 1332 | "mode": "absolute", |
| 1333 | "steps": [ |
| 1334 | { |
| 1335 | "value": 0, |
| 1336 | "color": "green" |
| 1337 | }, |
| 1338 | { |
| 1339 | "value": 80, |
| 1340 | "color": "red" |
| 1341 | } |
| 1342 | ] |
| 1343 | }, |
| 1344 | "color": { |
| 1345 | "mode": "palette-classic" |
| 1346 | }, |
| 1347 | "custom": { |
| 1348 | "axisBorderShow": false, |
| 1349 | "axisCenteredZero": false, |
| 1350 | "axisColorMode": "text", |
| 1351 | "axisLabel": "", |
| 1352 | "axisPlacement": "auto", |
| 1353 | "barAlignment": 0, |
| 1354 | "barWidthFactor": 0.6, |
| 1355 | "drawStyle": "line", |
| 1356 | "fillOpacity": 10, |
| 1357 | "gradientMode": "none", |
| 1358 | "hideFrom": { |
| 1359 | "legend": false, |
| 1360 | "tooltip": false, |
| 1361 | "viz": false |
| 1362 | }, |
| 1363 | "insertNulls": false, |
| 1364 | "lineInterpolation": "smooth", |
| 1365 | "lineWidth": 1, |
| 1366 | "pointSize": 5, |
| 1367 | "scaleDistribution": { |
| 1368 | "type": "linear" |
| 1369 | }, |
| 1370 | "showPoints": "auto", |
| 1371 | "showValues": false, |
| 1372 | "spanNulls": false, |
| 1373 | "stacking": { |
| 1374 | "group": "A", |
| 1375 | "mode": "none" |
| 1376 | }, |
| 1377 | "thresholdsStyle": { |
| 1378 | "mode": "off" |
| 1379 | } |
| 1380 | } |
| 1381 | }, |
| 1382 | "overrides": [] |
| 1383 | } |
| 1384 | } |
| 1385 | } |
| 1386 | } |
| 1387 | } |
| 1388 | }, |
| 1389 | "layout": { |
| 1390 | "kind": "GridLayout", |
| 1391 | "spec": { |
| 1392 | "items": [ |
| 1393 | { |
| 1394 | "kind": "GridLayoutItem", |
| 1395 | "spec": { |
| 1396 | "x": 0, |
| 1397 | "y": 0, |
| 1398 | "width": 24, |
| 1399 | "height": 8, |
| 1400 | "element": { |
| 1401 | "kind": "ElementReference", |
| 1402 | "name": "panel-1" |
| 1403 | } |
| 1404 | } |
| 1405 | }, |
| 1406 | { |
| 1407 | "kind": "GridLayoutItem", |
| 1408 | "spec": { |
| 1409 | "x": 0, |
| 1410 | "y": 8, |
| 1411 | "width": 24, |
| 1412 | "height": 7, |
| 1413 | "element": { |
| 1414 | "kind": "ElementReference", |
| 1415 | "name": "panel-7" |
| 1416 | } |
| 1417 | } |
| 1418 | }, |
| 1419 | { |
| 1420 | "kind": "GridLayoutItem", |
| 1421 | "spec": { |
| 1422 | "x": 0, |
| 1423 | "y": 15, |
| 1424 | "width": 24, |
| 1425 | "height": 7, |
| 1426 | "element": { |
| 1427 | "kind": "ElementReference", |
| 1428 | "name": "panel-8" |
| 1429 | } |
| 1430 | } |
| 1431 | }, |
| 1432 | { |
| 1433 | "kind": "GridLayoutItem", |
| 1434 | "spec": { |
| 1435 | "x": 0, |
| 1436 | "y": 22, |
| 1437 | "width": 12, |
| 1438 | "height": 8, |
| 1439 | "element": { |
| 1440 | "kind": "ElementReference", |
| 1441 | "name": "panel-2" |
| 1442 | } |
| 1443 | } |
| 1444 | }, |
| 1445 | { |
| 1446 | "kind": "GridLayoutItem", |
| 1447 | "spec": { |
| 1448 | "x": 12, |
| 1449 | "y": 22, |
| 1450 | "width": 12, |
| 1451 | "height": 8, |
| 1452 | "element": { |
| 1453 | "kind": "ElementReference", |
| 1454 | "name": "panel-3" |
| 1455 | } |
| 1456 | } |
| 1457 | }, |
| 1458 | { |
| 1459 | "kind": "GridLayoutItem", |
| 1460 | "spec": { |
| 1461 | "x": 0, |
| 1462 | "y": 30, |
| 1463 | "width": 12, |
| 1464 | "height": 8, |
| 1465 | "element": { |
| 1466 | "kind": "ElementReference", |
| 1467 | "name": "panel-4" |
| 1468 | } |
| 1469 | } |
| 1470 | }, |
| 1471 | { |
| 1472 | "kind": "GridLayoutItem", |
| 1473 | "spec": { |
| 1474 | "x": 12, |
| 1475 | "y": 30, |
| 1476 | "width": 12, |
| 1477 | "height": 8, |
| 1478 | "element": { |
| 1479 | "kind": "ElementReference", |
| 1480 | "name": "panel-5" |
| 1481 | } |
| 1482 | } |
| 1483 | }, |
| 1484 | { |
| 1485 | "kind": "GridLayoutItem", |
| 1486 | "spec": { |
| 1487 | "x": 0, |
| 1488 | "y": 38, |
| 1489 | "width": 12, |
| 1490 | "height": 8, |
| 1491 | "element": { |
| 1492 | "kind": "ElementReference", |
| 1493 | "name": "panel-6" |
| 1494 | } |
| 1495 | } |
| 1496 | } |
| 1497 | ] |
| 1498 | } |
| 1499 | }, |
| 1500 | "links": [], |
| 1501 | "liveNow": false, |
| 1502 | "preload": false, |
| 1503 | "tags": [ |
| 1504 | "samba", |
| 1505 | "ad", |
| 1506 | "audit" |
| 1507 | ], |
| 1508 | "timeSettings": { |
| 1509 | "timezone": "browser", |
| 1510 | "from": "now-6h", |
| 1511 | "to": "now", |
| 1512 | "autoRefresh": "", |
| 1513 | "autoRefreshIntervals": [ |
| 1514 | "5s", |
| 1515 | "10s", |
| 1516 | "30s", |
| 1517 | "1m", |
| 1518 | "5m", |
| 1519 | "15m", |
| 1520 | "30m", |
| 1521 | "1h", |
| 1522 | "2h", |
| 1523 | "1d" |
| 1524 | ], |
| 1525 | "hideTimepicker": false, |
| 1526 | "fiscalYearStartMonth": 0 |
| 1527 | }, |
| 1528 | "title": "Samba AD audit", |
| 1529 | "variables": [ |
| 1530 | { |
| 1531 | "kind": "IntervalVariable", |
| 1532 | "spec": { |
| 1533 | "name": "interval", |
| 1534 | "query": "1s,3s,5s,10s,30s,1m,10m,30m,1h,6h,12h,1d,7d,14d,30d", |
| 1535 | "current": { |
| 1536 | "text": "1m", |
| 1537 | "value": "1m" |
| 1538 | }, |
| 1539 | "options": [ |
| 1540 | { |
| 1541 | "selected": true, |
| 1542 | "text": "1m", |
| 1543 | "value": "1m" |
| 1544 | }, |
| 1545 | { |
| 1546 | "selected": false, |
| 1547 | "text": "10m", |
| 1548 | "value": "10m" |
| 1549 | }, |
| 1550 | { |
| 1551 | "selected": false, |
| 1552 | "text": "30m", |
| 1553 | "value": "30m" |
| 1554 | }, |
| 1555 | { |
| 1556 | "selected": false, |
| 1557 | "text": "1h", |
| 1558 | "value": "1h" |
| 1559 | }, |
| 1560 | { |
| 1561 | "selected": false, |
| 1562 | "text": "6h", |
| 1563 | "value": "6h" |
| 1564 | }, |
| 1565 | { |
| 1566 | "selected": false, |
| 1567 | "text": "12h", |
| 1568 | "value": "12h" |
| 1569 | }, |
| 1570 | { |
| 1571 | "selected": false, |
| 1572 | "text": "1d", |
| 1573 | "value": "1d" |
| 1574 | } |
| 1575 | ], |
| 1576 | "auto": false, |
| 1577 | "auto_min": "10s", |
| 1578 | "auto_count": 30, |
| 1579 | "refresh": "onTimeRangeChanged", |
| 1580 | "hide": "dontHide", |
| 1581 | "skipUrlSync": false |
| 1582 | } |
| 1583 | } |
| 1584 | ], |
| 1585 | "preferences": { |
| 1586 | "layout": { |
| 1587 | "kind": "GridLayout", |
| 1588 | "spec": { |
| 1589 | "items": [] |
| 1590 | } |
| 1591 | } |
| 1592 | } |
| 1593 | } |
| 1594 | } |